In the claims: 

Please amend the claims as follows: 

Claim 1 (Currently Amended) A method for constructing and caching a chain of file 
identifiers in a computing system environment that represent the chain of file identifiers 
representing a full path to a file system resource the method comprising the steps of: 

processing a file system resource's defined name (UN) into a file identifier (FID) 
and defined name database: 

retrieving from the defined name database a first file identifier for a first file 

system resource, the retrieved file first identifier corresponding to a first defined name of 
the first file system resource: 

adding the r etrieved first file identifier to a chain of file identifiers, the added file 

identifier being the first file identifier in the chain: 

retrieving a se cond file identifier for a second file system resource in a full path of 
the first file system resource: 

adding the second retrieved file identifier to the chain: and 

repeating s aid step of retrieving a next file identifier for a next file system 

resource a nd said step of adding the next retrieved file identifier to the chain until a file 
identifier for each file system resource in a full path of the first file system resource is 
retrieved and added in the chain:- and 

storing the co nstructed chain of file identifiers in a cache storage location. 

retrieving a file identifier corresponding to tho file system resource which is tho 
target of the access att e mpt and a file identifier chain for the directory of tho target 
system resource; 

searching for tho effective security classification category and defined namo for 
th e targot r e sourco fil e identifier; 

updating tho s e curity classification system, when said s e arch finds a security 
classification category for the target r e source file idontifior; 

d e termining whothor operations for tho targot filo system resource could affect tho 
fil e system namo spac e ; and 
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te rminating said method when op e ration do e s not aff e ct th e fil e syst e m nam e 

spac e . 

Claim 2 (Canceled) 
Claim 3 (Canceled) 
Claims 4 (Canceled) 
Claims 5 (Canceled) 
Claim 6 (Canceled) 
Claim 7 (Canceled) 
Claim 8 (Canceled) 
Claim 9 (Canceled) 
Claim 10 (Canceled) 
Claim 1 1 (Canceled) 
Claim 12 (Canceled) 
Claim 13 (Canceled) 
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Claim 14 (Currently amended) A computer program product in a computer readable 
medium for use in constructing and caching a chain of file identifiers in a computing 
system environment, th e chain of file identifiers representing that represent a full path to 
a file system resource comprising: 

instructions fo r processing a file system resource's defined name (DN) into a file 
identifier CF1D) and defined name database: 

instructions for retrieving from the defined name database a first file identifier for 

a first file system reso urce, the retrieved first file identifier corresponding to a defined 
name of the first file system resource: 

instructions for adding the retrieved first file identifier to a chain of file 
identifiers, the added fi rst file identifier being the first file identifier in the chain: 

instructions for retrieving a second file identifier for a second file system resource 
in a full path of the first file system resource: 

instructions fo r adding the second retrieved file identifier to the chain: 

instructions for repeating said instructions for retrieving a next file identifier for a 
next file system resourc e and said instructions for adding the next retrieved file identifier 
to the chain until a fil e identifier for each file system resource in a full path of the first 
file system resource is retrieved and added in the chain: and 

instructions for storing the constructed chain of file identifiers in a cache storag e 
location. 

instructions for rotrioving a filo idontifior oorrooponding to tho filo oyotom 
resourco which ia tho targot of the access attompt and a filo identifier chain for tho 
dir e ctory of tho target system rosouroo; 

instructions for searching for tho offoctivo security classification catogory and 
d e finod name- for tho targot rooourco filo id e ntifier; 

instructions for updating the socurity classification syotom, whon said soaroh finds 
a security classification catogory for tho targot r e sourco filo idontifior; 

instructions for dotormining whether oporations for tho target filo system rosouroo 
could affect th e filo system nam e opaco; and 

instructions for torminating said method whon operation does not affoct tho filo 
syst e m nam e spaco. 
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Claim 15 (Canceled) 
Claim 16 (Canceled) 
Claim 17 (Canceled) 
Claim 18 (Canceled) 
Claim 19 (Canceled) 
Claim 20 (Canceled) 



Claim 21 (Canceled) 
Claim 22 (Canceled) 
Claim 23 (Canceled) 
Claim 24 (Canceled) 
Claim 25 (Canceled) 
Claim 26 (Canceled) 

Claim 27 (Original). A computer connectable to a distributed computing system, which 
includes file system objects containing information accessed during the execution of 
application and system programs comprising: 

a processor; a native operating system; application programs; 

an external authorization program overlaying said native operating system and 
augmenting standard security controls of said native operating system; 

a cache storage location for store file identifier chains which represent paths to 
system resources, said cache providing for faster searches of file identifiers; and 

an access decision component within said external authorization program for 
determining access to protected file system objects. 

Claim 28 (Original) The method as described in claim 1 wherein said method is 
implemented through the use of externally stored attributes, said attributes being security 
rules for system resources and further comprising the step of attaching security rules of a 
directory to all files in said directory. 
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